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DETAILED ACTION 

1 . Claims 1-26 are presented for examination. 

The claims and only the claims form the metes and bounds of the invention. "Office personnel are to give claims their 
broadest reasonable interpretation in hght of the supporting disclosure. In re Morris, 127 F.3d 1048, 1054-55, 
44 USPQ2d 1023, 1027-28 (Fed. Cir. 1997). Limitations appearing in the specification but not recited in the claim are 
not read into the claim. In re Prater, 415 F.2d 1393, 1404-05, 162 USPQ 541, 550-551 (CCPA 1969)" (MPEP p 2100- 
8, c 2, 1 45-48; p 2100-9, c 1,1 1-4). The Examiner has full latitude to interpret each claim in the broadest reasonable 
sense. The Examiner will reference prior art using terminology famihar to one of ordinary skill in the art. Such an 
approach is broad in concept and can be either explicit or implicit in meaning. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on 04/01/2005 is in compliance 
with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being 
considered by the examiner. 

Preliminary Amendment 

3. The preliminary amendment submitted on 04/01/2005 is duly noted. 

Oath/Declaration 

4. The Oath/Declaration is objected to because the applicant fails to claim priority from the 
US provisional application 60415202 filed on 10/02/2002. 
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Priority 

5 . The claim for priority from the US provisional apphcation 604 1 5202 filed on 1 0/02/2002 
is duly noted. 

Specification 

6. The abstract of the disclosure does not commence on a separate sheet in accordance with 
37 CFR 1 .52(b)(4). A new abstract of the disclosure is required and must be presented on a 
separate sheet, apart fi-om any other text. The abstract must also be submitted separately from the 
priority document. 

The specification is objected to as failing to provide proper antecedent basis for the 
claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01(o). Correction of the 
following is required: Claim 25 recites the limitation "means for" in lines 2, 4, and 5. There is 
insufficient antecedent basis in the specification for this limitation in the claim. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

7. Claims 15, 16, 25, and 26 are rejected under 35 U.S.C. 112, second paragraph, as 
being indeflnite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claims 15 and 16 recites the limitation "said set of data elements" in lines 1-3. There is 
insufficient antecedent basis for this limitation in the claim. 
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Claim 25 recites the limitation "means for" in lines 2, 4, and 5. There is insufficient 
antecedent basis for this limitation in the claim. 

Claim 26 recites the limitation "said requests" in lines 3 and 6. There is insufficient 
antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 101 
35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

8. Claim 24-26 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. As to independent claims 24 and 26, in the preamble 
the applicant states "A computer readable medium containing computer executable instructions 
which, when loaded to a processor"; in the specification it states "software embodied in a 
computer readable medium 76, such as a computer diskette, a read-only memory (ROM) chip, or 
a file downloaded from a remote source" this statement indicates that the computer readable 
medium could be hardware or software. The computer readable medium must be tangibly 
embodied in some sort of hardware storage device. As to independent claim 25, in the preamble 
the applicant states that it is a system claim. In a system claim there must be a hardware 
component such as a processor or memory that the software modules are stored in or run on. 
Also in independent claim 25 lacks utility because there is no support in the specification for a 
"means for" claim. In view of the below sited MPEP section the claim is non-statutory because 
it is functional descriptive material per se. 



Application/Control Number: 10/530,074 

Art Unit: 2136 



Pages 



MPEP 2106.01 [R-5] 

Descriptive material can be characterized as either "functional descriptive material" or 
"nonftinctional descriptive material." In this context, "fimctional descriptive material" 
consists of data structures and computer programs which impart limctionaUty when 
employed as a computer component. (The definition of "data structure" is "a physical or 
logical relationship among data elements, designed to support specific data manipulation 
functions." The New IEEE Standard Dictionary of Electrical and Electronics Terms 308 
(5th ed. 1993).) 

Both types of "descriptive material" are nonstatutory when claimed as descriptive 
material per se, 33 F.3d at 1360, 31 USPQ2d at 1759. 



Claim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) ihc invcnlion was known or used by others in this coimtry, or patented or described in a printed pubUcation in this 
or a foreign country, before the invention thereof by the applicant for a patent. 

9. Claims 1-5, 14-15, 17, and 21-26 are rejected under 35 U.S.C. 102(a) as being 
anticipated by US 6311278 (Moran). 

As to claim 1, Moran discloses a method for facilitating creation of rules for screening 
application layer requests (Moran column 2, lines 49-52), comprising: grouping application layer 
requests fi-om a sample space of application layer requests (Moran column 3, lines 15-17) by a 
feature of said requests (Moran column 3, lines 1-5 and column 7, lines 13-18). 

As to claim 2, Moran discloses the method of claim 1 wherein said feature is a segment 
of a destination address indicator (Moran column 5, lines 37-45). 

As to claim 3, Moran discloses the method of claim 2 wherein said application layer 
requests are Hypertext Protocol (HTTP) requests and said destination address indicator is a 
Universal Resource Indicator (URI) (Moran column 5, lines 37-45). 

As to claim 4, Moran discloses the method of claim 3 wherein said segment of said URI 
is a URI pathname extension (Moran column 5, lines 37-45). 
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As to claim 5, Moran discloses the method of claim 4 wherein URI pathname extensions 
used for said grouping are pre-determined (Moran column 3, lines 4-5). 

As to claim 14, Moran discloses the method of claim 1 further comprising: obtaining a 
set of data templates applicable to each constituent type of said requests; obtaining a rule set for 
each requests grouping by: for each type of constituent of said requests, identifying names and 
associated data elements found in requests of said each requests grouping; for each name: 
obtaining a sample group of data elements, each data element associated with an instance of said 
each name; matching said sample group of data elements with a data element template; and 
binding a rule to said each name based on said matching data template (Moran column 5, lines 
40-67 and column 6, lines 1-28). 

As to claim 15, Moran discloses the method of claim 14 further comprising: for each 
name, determining a length of a longest data element in said set of data elements and binding a 
further rule to said each name stipulating a maximum permissible length of a data element as 
said length (Moran column 5, lines 49-55). 

As to claim 17, Moran discloses the method of claim 14 further comprising, for each 
requests grouping, searching for an element that is present in each request of said each request 
grouping and, on finding a given element that is present in each request of said each requests 
grouping, estabUshing an existential rule for said each requests grouping requiring the existence 
of said given element (Moran column 3, lines 1-5 and 65-67 and column 4, lines 1-5). 

As to claim 21, Moran discloses a method of creating a rule set for screening application 
layer requests, comprising: obtaining a set of data templates applicable to each constituent type 
of said requests (Moran column 2, lines 49-52); grouping application layer requests utilising one 
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or more grouping criteria (Moran column 3, lines 15-17); obtaining a rule set for each requests 
grouping by: for each type of constituent of said requests, identifying names and associated data 
elements found in requests of said each requests grouping; for each name: obtaining a sample 
group of data elements, each data element associated with an instance of said each name; 
matching said sample group of data elements with a data element template; and binding a rule to 
said each name based on said matching data template (Moran column 5, lines 40-67 and column 
6, lines 1-28). 

As to claim 22, Moran discloses a method for facilitating creation of a rule set for 

screening Hypertext Protocol (HTTP) requests (Moran column 2, lines 49-52), comprising: 
grouping HTTP requests from a sample space of HTTP requests (Moran column 3, lines 15-17) 
by Universal Resource Indicator (URI) pathname extensions of said requests (Moran column 3, 
lines 1-5, column 7, lines 13-18, and column 5, lines 37-45). 

As to claim 23, Moran discloses a system for facilitating creation of rules for screening 
application layer requests (Moran column 2, lines 49-52), comprising: a database for storing a 
sample space of application layer requests (Moran column 3, lines 15-17); and a rule generator 
for grouping application layer requests from said sample space of application layer requests by a 
feature of said requests (Moran column 3, lines 1-5 and lines 15-17, column 7, lines 13-18). 

As to claim 24, Moran discloses a computer readable medium containing computer 
executable instructions which, when loaded to a processor, adapt said processor to: group 
application layer requests from a sample space of application layer requests (Moran column 3, 
lines 15-17) by a feature of said requests (Moran column 3, lines 1-5, column 7, lines 13-18, and 
column 5, lines 37-45). 
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As to claim 25, Moran discloses a system for creating a rule set for screening application 
layer requests, comprising: means for obtaining a set of data templates applicable to each 
constituent type of said requests (Moran column 2, lines 49-52); means for grouping application 
layer requests utilising one or more grouping criteria (Moran column 3, lines 15-17); means for 
obtaining a rule set for each requests grouping by: for each type of constituent of said requests, 
identifying names and associated data elements found in requests of said each requests grouping; 
for each name: obtaining a sample group of data elements, each data element associated with an 
instance of said each name; matching said sample group of data elements with a data element 
template; and binding a rule to said each name based on said matching data template (Moran 
column 5, lines 40-67 and column 6, lines 1-28). 

As to claim 26, Moran discloses a computer readable medium containing computer 
executable instructions which, when loaded to a processor, adapt said processor to: obtain a set 
of data templates applicable to each constituent type of said requests (Moran column 2, lines 49- 
52); group application layer requests utilising one or more grouping criteria (Moran column 3, 
lines 15-17); obtain a rule set for each requests grouping by: for each type of constituent of said 
requests, identifying names and associated data elements found in requests of said each requests 
grouping; for each name: obtaining a sample group of data elements, each data element 
associated with an instance of said each name; matching said sample group of data elements with 
a data element template; and binding a rule to said each name based on said matching data 
template (Moran column 5, lines 40-67 and column 6, lines 1-28). 
27-31. (canceled) 
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Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the im ention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the stibject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 6-13 and 18-20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US 6311278 (Moran) as applied to claim 1 above, and further in view of 
US 20020143939 (Riddle). 

As to claim 6, Moran discloses the method of claim 4. Moran fails to teach wherein 
some URI pathname extensions used for said grouping are pre-determined and each one of others 
is determined as a URI pathname extension used in the URI of a threshold number of said 
requests. 

However, Riddle discloses wherein some URI pathname extensions used for said 
grouping are pre-determined and each one of others is determined as a URI pathname extension 
used in the URI of a threshold number of said requests (Riddle page 8, paragraphs 0120, 0133, 
0139, and 0142). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle facilitates the creation of rules more 
specifically (Riddle page 8, paragraphs 0120, 0133, 0139, and 0142). 

As to claim 7, Moran discloses the method of claim 4. Moran fails to teach further 
comprising, for a residue of HTTP requests not grouped by said grouping, grouping requests of 
said residue by directory name prefix portions of URI pathnames of said residue. 
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However, Riddle discloses further comprising, for a residue of HTTP requests not 
grouped by said grouping, grouping requests of said residue by directory name prefix portions of 
URI pathnames of said residue (Riddle page 6, paragraph 0081). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle gives more explicit details as to what 
happens to the leftover requests in Moran (Riddle page 6, paragraph 0081). 

As to claim 8, the modified Moran discloses the method of claim 7. The modified Moran 
fails to teach wherein said directory name prefix portions used for said grouping are pre- 
determined. 

However, Riddle discloses wherein said directory name prefix portions used for said 
grouping are pre-determined (Riddle page 6, paragraph 0081). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle gives more explicit details as to what 
happens to the leftover requests in Moran (Riddle page 6, paragraph 0081). 

As to claim 9, the modified Moran discloses the method of claim 7. The modified Moran 
fails to teach wherein some of said directory name prefix portions used for said grouping are pre- 
determined and each one of others is determined as a directory name prefix portion used in the 
URI of a threshold number of said requests. 

However, Riddle disclose wherein some of said directory name prefix portions used for 
said grouping are pre-determined and each one of others is determined as a directory name prefix 
portion used in the URI of a threshold number of said requests (Riddle page 8, paragraph 0142). 
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It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle facilitates the creation of rules more 
specifically (Riddle page 8, paragraphs 0142). 

As to claim 10, the modified Moran discloses the method of claim 7. The modified 

Moran fails to teach further comprising, for a second residue of HTTP requests not yet grouped, 
grouping requests of said second residue by string patterns within URI pathnames of said second 
residue. 

However, Riddle disclose fiirther comprising, for a second residue of HTTP requests not 
yet grouped, grouping requests of said second residue by string patterns within URI pathnames 
of said second residue (Riddle page 6, paragraph 0082 and page 9, paragraph 0166). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle gives more explicit details as to what 
happens to the leftover requests in Moran (Riddle page 6, paragraph 0082 and page 9, paragraph 
0166). 

As to claim 11, the modified Moran discloses the method of claim 10. The modified 
Moran fails to teach fiirther comprising, for a third residue of HTTP requests not yet grouped, 
grouping a sub-set of requests of said third residue, each request of said sub-set having a 
common property. 

However, Riddle disclose further comprising, for a third residue of HTTP requests not 
yet grouped, grouping a sub-set of requests of said third residue, each request of said sub-set 
having a common property (Riddle page 6, paragraphs 0081 and 0082). 
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It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle gives more explicit details as to what 
happens to the leftover requests in Moran (Riddle page 6, paragraphs 0081 and 0082). 

As to claim 12, the modified Moran discloses the method of claim 1 1 . The modified 
Moran fails to teach wherein said common property is a pre-determined content-type . 

However, Riddle disclose wherein said common property is a pre-determined content- 
type (Riddle page 5, paragraph 0080). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle's specification of the traffic 
classification is more detailed (Riddle page 5, paragraph 0080). 

As to claim 13, the modified Moran discloses the method of claim 1 1 . The modified 
Moran fails to teach wherein said common property is one of a pre-determined content-type and 
a content-type used in a threshold number of said sub-set of requests. 

However, Riddle disclose wherein said common property is one of a pre-determined 
content-type and a content-type used in a threshold number of said sub-set of requests (Riddle 
page 5, paragraph 0080 and page 6, paragraph 0081). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle's specification of the traffic 
classification is more detailed (Riddle page 5, paragraph 0080 and page 6, paragraph 0081). 

As to claim 18, the modified Moran discloses the method of claim 17. The modified 
Moran fails to teach wherein, if said given element is found to be present in each request of said 
each requests grouping in at least a given number of instantiations, said existential rule for said 
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each requests grouping is established to require the existence of said given element in said 
minimum number of instantiations. 

However, Riddle disclose wherein, if said given element is found to be present in each 
request of said each requests grouping in at least a given number of instantiations, said existential 
rule for said each requests grouping is established to require the existence of said given element 
in said minimum number of instantiations (Riddle page 8, paragraph 0142). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Riddle facilitates the creation of rules more 
specifically (Riddle page 8, paragraphs 0142). 

As to claim 19, the modified Moran discloses the method of claim 14. The modified 
Moran fails to teach fiirther comprising, for each requests grouping, determining a statistical 
measure of a property of requests in said requests grouping and estabhshing a statistical rule for 
said each requests grouping based on said statistical measure. 

However, Riddle disclose comprising, for each requests grouping, determining a 
statistical measure of a property of requests in said requests grouping and establishing a 
statistical rule for said each requests grouping based on said statistical measure (Riddle page 2, 
paragraph 0025). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because by Riddle applying a statistical measure to the 
traffic flow enhances the creation of rules (Riddle page 2, paragraph 0025). 

As to claim 20, the modified Moran discloses the method of claim 14. The modified 
Moran fails to teach fiirther comprising, for each requests grouping, establishing a trigger for 
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said rule set, said trigger comprising a feature by way of which said each requests grouping was 
formed. 

However, Riddle disclose further comprising, for each requests grouping, establishing a 
trigger for said rule set, said trigger comprising a feature by way of which said each requests 
grouping was formed (Riddle page 2, paragraphs 0021-0022 and page 3, paragraphs 0037 and 
0051). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Riddle because Moran creates a new rule when a trigger or a 
new rule is needed and Moran is just more specific about the creation (Riddle page 2, 
paragraphs 0021-0022 and page 3, paragraphs 0037 and 0051). 

1 1 . Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 6311278 
(Moran) as applied to claim 14 above, and further in view of US 20030226038 (Raanan). 

As to claim 16, Moran discloses the method of claim 14. Moran fails to teach wherein, 
where said data elements in said set of data elements are numeric, determining a value of a 
largest valued data element in said set of data elements and a value of a smallest valued data 
element in said set of data elements and binding a further rule to said each name stipulating a 
maximum permissible value of a data element based on said value of said largest valued data 
element and a minimum permissible value based on said value of said smallest valued data 
element. 

However, Raanan discloses wherein, where said data elements in said set of data 
elements are numeric, determining a value of a largest valued data element in said set of data 
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elements and a value of a smallest valued data element in said set of data elements and binding a 
further rule to said each name stipulating a maximum permissible value of a data element based 
on said value of said largest valued data element and a minimum permissible value based on said 
value of said smallest valued data element (Raanan page 2, paragraph 0032). 

It would be obvious to one of ordinary skill in the art at the time of the applicant's 
invention to combine Moran and Raanan because Raanan facilitates the creation of rules more 
specifically (Raanan page 2, paragraph 0032). 

Prior Art 

12. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. US 7200684 is pertinent because it teaches. . .The data packets received at the root 
node of a sorting tree, are successively passed to each child node of the primary level of the tree 
until the predetermined node criteria of the child node are satisfied. The packets are then 
successively passed to the secondary level of the tree, when the child node in the secondary level 
does not satisfy predetermined node criteria. US 20020053033 is pertinent because it teaches. . . 
A method and apparatus ascertain which credential and which condition both from a network 
security policy best describe, respectively, information about initiator and target principals 
involved in an interaction, and tests performed on a state of an associated protocol event. 
US 20020093527 is pertinent because it teaches. . . A user interface for a network security policy 
monitoring system and method that performs network and security assessments based on system- 
wide policy, whereby real network traffic is analyzed to identify abnormalities, vulnerabilities, 
and incorrect configurations by listening on a network, logging events, and taking action. 
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US 5828846 is pertinent because it teaches. . . Passage of packets or messages is controlled 
between a device and a network via a virtual connection or flow which conforms to a predefined 
communication protocol. In connection with processing a packet or message that triggers a step 
in managing the virtual connection or flow, predefined authorization rules are applied to 
determine whether to permit the step to occur. In connection with processing a packet or message 
that does not trigger a step in managing the virtual connection or flow, the packet or message is 
permitted to pass directly via the virtual connection or flow, without applying the predefined 
authorization rules. US 7032072 is pertinent because it teaches. . . A method and apparatus for 
performing classification in a hierarchical classification system performing caching are 
described. In one embodiment, the method comprises walking a classification tree in the 
hierarchical classification system to determine whether an incoming flow matches a class in the 
classification tree, and performing a lookup on a cache storing a data structure of multiple classes 
of one classification type to compare the incoming flow with multiple classes at the same time to 
determine whether the incoming flow matches one of the classes. 



Conclusion 

13. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Rebecca L. Pachura whose telephone number is (571) 270-3402. 
The examiner can normally be reached on Monday-Thursday 7:30 am-6:00 pm est. 

If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Nasser Moazzami can be reached on (571) 272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Rebecca L Pachura/ 
Examiner, Art Unit 2136 



/Nasser G Moazzami/ 

Supervisory Patent Examiner, Art Unit 2136 



